R3166-R3206-HP High-End Firewalls Access Control Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

101

102

103

104

105

106

107

108

109

110

104

Use the undo radius client command to disable the RADIUS listening port of a RADIUS client.

By default, the RADIUS listening port is enabled.

When the listening port of the RADIUS client is disabled:

• No more stop-accounting requests of online users cannot be sent out or buffered, and the RADIUS

server can no longer receive logoff requests from online users. After a user goes offline, the RADIUS

server still has the user’s record during a certain period of time.

• The buffered accounting packets cannot be sent out and will be deleted from the buffer when the

configured maximum number of attempts is reached, affecting the precision of user accounting.

• If local authentication, authorization, or accounting is configured as the backup, the device

performs local authentication, authorization, or accounting instead after the RADIUS request fails.

Local accounting is only for monitoring and controlling the number of local user connections; it

does not provide the statistics function that the accounting feature generally provides.

Examples

# Enable the listening port of the RADIUS client.

<Sysname> system-view

[Sysname] radius client enable

radius nas-ip

Syntax

radius nas-ip { ip-address }

undo radius nas-ip { ip-address }

View

System view

Default level

2: System level

Parameters

ip-address: IPv4 address in dotted decimal notation. It must be an address of the device and cannot be

0.0.0.0, 255.255.255.255, a class D address, a class E address, or a loopback address.

Description

Use the radius nas-ip command to specify a source address for outgoing RADIUS packets.

Use the undo radius nas-ip command to remove the configuration.

By default, the source IP address of an outgoing RADIUS packet is the IP address of the outbound

interface.

You can specify up to one public-network source IP address and 15 private-network source IP addresses.

A newly specified public-network source IP address overwrites the previous one.

The source IP address of RADIUS packets that a NAS sends must match the IP address of the NAS that

is configured on the RADIUS server. A RADIUS server identifies a NAS by its IP address. Upon receiving

a RADIUS packet, a RADIUS server checks whether the source IP address of the packet is the IP address

of any managed NAS. If yes, the server processes the packet. If not, the server drops the packet.